package cn.itcast.filters;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

public class MyPermsFilter extends AuthorizationFilter {
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
        Subject subject = getSubject(request, response);
        String[] perms = (String[]) mappedValue;
        if (perms != null && perms.length > 0) {
            for (String perm : perms) {
                if(subject.isPermitted(perm)){  //判断当前登录人是否有其中的一个权限
                    return true;
                }
            }
            return false;   // 循环完毕 还没有return true 登录人没有任何其中的一个权限
        }
        return true;
//        return false; //拦截
//        return true; //放行
    }
}
